
Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 10

Universal Containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers

A. The web service needs to include Source IP as a method parameter.
B. UC should whitelist all Salesforce IP ranges on their corporate firewall.
C. The web service can be written using either the SOAP or REST protocol.
D. Delegated Authentication is enabled for the system administrator profile.
E. The return type of the Web service method should be a Boolean value.
Suggested answer: A, B, E

Universal Containers wants to implement single sign-on for a Salesforce org using an external identity provider and corporate identity store. What type of authentication flow is required to support deep linking?

A. Web server OAuth SSO flow.
B. Identity-provider-initiated SSO
C. Service-provider-initiated SSO
D. Start URL on identity provider
Suggested answer: C

An architect has successfully configured SAML-based SSO for Universal Containers. SSO has been working for 3 months when Universal Containers manually adds a batch of new users to Salesforce.

The new users receive an error from Salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access Salesforce. What is the probable cause of this behaviour?

A. The administrator forgot to reset the new user's Salesforce password.
B. The Federation ID field on the new user records is not correctly set.
C. The My Domain capability is not enabled on the new user's profile.
D. The new users do not have the SSO permission enabled on their profiles.
Suggested answer: B

Universal Containers (UC) has a classified information system that its call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?

A. Use a custom connected app handler using Apex to dynamically allow access to the system based on whether the staff owns any open "classified" cases.
B. Use an Apex trigger on Case to dynamically assign permission sets that grant access when a user is assigned an open "classified" case, and remove it when the case is closed.
C. Use custom SAML JIT provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system.
D. Use Salesforce reports to identify users who currently own open "classified" cases and should be granted access to the classified information system.
Suggested answer: A

A group of users try to access one of Universal Containers' connected apps and receive the following error message: "Failed : Not approved for access". What is most likely the cause of the issue?

A. The use of high assurance sessions is required for the connected app.
B. The users do not have the correct permission set assigned to them.
C. The connected app setting "All users may self-authorize" is enabled.
D. The Salesforce administrators have revoked the OAuth authorization.
Suggested answer: B

Universal Containers (UC) wants to integrate a Web application with Salesforce. The UC team has implemented the OAuth web server authentication flow for the authentication process. Which two considerations should an architect point out to UC? Choose 2 answers

A. The web application should be hosted on a secure server.
B. The web server must be able to protect consumer privacy.
C. The flow involves passing the user credentials back and forth.
D. The flow will not provide an OAuth refresh token back to the server.
Suggested answer: A, B

Universal Containers (UC) has decided to use Identity Connect as its identity provider. UC uses Active Directory (AD) and has a team that is very familiar and comfortable with managing AD groups. UC would like to use AD groups to help configure Salesforce users. Which three actions can AD groups control through Identity Connect? Choose 3 answers

A. Public Group Assignment
B. Granting report folder access
C. Role Assignment
D. Custom permission assignment
E. Permission sets assignment
Suggested answer: A, C, E

Universal Containers wants to set up SSO for a selected group of users to access external applications from Salesforce through App Launcher. Which three steps must be completed in Salesforce to accomplish the goal?

A. Associate user profiles with the connected apps.
B. Complete My Domain and Identity Provider setup.
C. Create connected apps for the external applications.
D. Complete Single Sign-On settings in Security Controls.
E. Create named credentials for each external system.
Suggested answer: A, B, C

Universal Containers (UC) is concerned that having a self-registration page will provide a means for "bots" or unintended audiences to create user records, thereby consuming licences and adding dirty data. Which two actions should UC take to prevent unauthorised form submissions during the self-registration process? Choose 2 answers

A. Use open-ended security questions and complex password requirements.
B. Primarily use lookup and picklist fields on the self-registration page.
C. Require a CAPTCHA at the end of the self-registration process.
D. Use hidden fields populated via JavaScript events in the self-registration page.
Suggested answer: C, D

Universal Containers (UC) has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles. What should the architect recommend to allow Salesforce profiles to be managed from a central system of record?

A. Implement JIT provisioning on the SAML IdP that will pass the profile ID in each assertion.
B. Create an Apex scheduled job in one org that will synchronize the other orgs' profiles.
C. Implement Delegated Authentication that will update the user profiles as necessary.
D. Implement an OAuth JWT flow to pass the profile credentials between systems.
Suggested answer: A
Total 248 questions